A Drawback of App Transport Security

Soutaro Matsumoto
1 min read · Nov 24, 2015


Apple introduced App Transport Security (ATS) in iOS 9, which prohibits plain-text HTTP requests. That is basically good in my opinion; I agree that plain-text HTTP requests, without SSL, to Internet hosts should be prohibited.

But what about devices connected to the local network?

Apple allows an exception for “local” that permits unencrypted connections to hosts with the suffix “.local”. That makes it possible to connect to LAN devices by their Bonjour name.

The bad news is that Bonjour, mDNS specifically, does not always work well; it fails on some consumer Wi-Fi access points. For that case, we have to provide an option in our apps to specify the device by IP address (I hate having this option, but we need it). However, the “local” exception does not cover hosts addressed by an IP literal.

The best fix would be to allow plain-text connections to link-local addresses. However, that is not available now.

So I implemented an HTTP/1.1 client based on the UNIX socket API, in this HTTP/2.0 era!

I don’t think you should use the library when you want to connect to Internet hosts. Use HTTPS, or explicitly add an ATS exception. This is only for LAN-connected devices. It provides very limited features; it lacks support for some important HTTP/1.1 features like “Connection: keep-alive”.
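As an added example, not the author's library or any code from the post: a minimal plain-text HTTP/1.1 client on the POSIX socket API that refuses any peer not on a link-local address, which is the scoping the post says it would prefer ATS itself to offer. It pairs a `Connection: close` request builder (no keep-alive, matching the limitation described above) with a response parser that only understands `Content-Length` framing. All function names, the policy helper and the sample response are constructed for this illustration.

```c
/* Added example (not the author's library). Cleartext HTTP/1.1 over POSIX
 * sockets, permitted only to link-local peers given as address literals,
 * which is exactly the case the ".local" ATS exception does not cover. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <strings.h>
#include <sys/socket.h>
#include <unistd.h>

/* Policy (hypothetical): allow cleartext only to 169.254.0.0/16 or fe80::/10.
 * Host names, including *.local, return 0 and are left to ATS itself. */
int cleartext_allowed(const char *host)
{
    struct in_addr v4;
    struct in6_addr v6;
    if (inet_pton(AF_INET, host, &v4) == 1) {
        uint32_t a = ntohl(v4.s_addr);
        return (a >> 16) == 0xA9FE;                       /* 169.254.x.x */
    }
    if (inet_pton(AF_INET6, host, &v6) == 1)
        return v6.s6_addr[0] == 0xFE && (v6.s6_addr[1] & 0xC0) == 0x80;
    return 0;
}

/* Minimal GET; Connection: close because this client has no keep-alive. */
int build_get_request(char *buf, size_t cap, const char *host, const char *path)
{
    int n = snprintf(buf, cap, "GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n",
                     path, host);
    return (n < 0 || (size_t)n >= cap) ? -1 : n;
}

struct http_response {
    int status;
    long content_length;   /* -1 when the header is absent */
    const char *body;      /* points into the caller's buffer */
    size_t body_len;
};

/* Parse a NUL-terminated response: status line, headers, then the body,
 * bounded by Content-Length when present (the only framing supported). */
int parse_response(const char *raw, struct http_response *out)
{
    const char *hdr_end = strstr(raw, "\r\n\r\n");
    if (!hdr_end || strlen(raw) < 12 || strncmp(raw, "HTTP/1.", 7) != 0) return -1;
    out->status = atoi(raw + 9);
    out->content_length = -1;
    const char *line = strstr(raw, "\r\n");   /* end of the status line */
    while (line && line < hdr_end) {
        line += 2;                            /* start of the next header */
        if (strncasecmp(line, "Content-Length:", 15) == 0)
            out->content_length = strtol(line + 15, NULL, 10);
        line = strstr(line, "\r\n");
    }
    out->body = hdr_end + 4;
    size_t avail = strlen(out->body);
    out->body_len = (out->content_length >= 0 && (size_t)out->content_length <= avail)
                    ? (size_t)out->content_length : avail;
    return 0;
}

/* Connect over a plain IPv4 socket and read until the peer closes.
 * Returns bytes received, or -1 if the policy refuses or the socket fails. */
long fetch_plain(const char *ip, unsigned short port, const char *path, char *out, size_t cap)
{
    if (!cleartext_allowed(ip)) return -1;      /* policy check comes first */
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return -1;   /* IPv4 only here */
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0) { close(fd); return -1; }
    char req[512];
    int n = build_get_request(req, sizeof req, ip, path);
    if (n < 0 || write(fd, req, (size_t)n) != n) { close(fd); return -1; }
    size_t got = 0;
    ssize_t r;
    while (got + 1 < cap && (r = read(fd, out + got, cap - got - 1)) > 0) got += (size_t)r;
    close(fd);
    out[got] = '\0';
    return (long)got;
}

int main(void)
{
    /* Constructed sample response standing in for what a LAN device would send. */
    static const char sample[] = "HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n"
                                 "Content-Length: 5\r\nConnection: close\r\n\r\nhello";
    struct http_response r;
    if (parse_response(sample, &r) == 0)
        printf("status=%d body=%.*s\n", r.status, (int)r.body_len, r.body);
    printf("169.254.10.7 allowed: %d\n", cleartext_allowed("169.254.10.7"));
    printf("192.168.1.20 allowed: %d\n", cleartext_allowed("192.168.1.20"));
    printf("printer.local allowed: %d\n", cleartext_allowed("printer.local"));
    return 0;
}
```

The policy check sits in front of `connect()`, so a caller cannot reach a routable address by passing an IP literal; a `.local` name is deliberately not accepted by the helper, since the post's point is that ATS already handles that case and the raw client is only needed for address literals on the link.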
